@wps365/openclaw-wpsxiezuo 1.6.0

package/bin/cli.mjs

@@ -0,0 +1,677 @@
+#!/usr/bin/env node
+/**
+ * OpenClaw WPS Xiezuo CLI
+ *
+ * 使用方式：
+ *   npx -y @wps365/openclaw-wpsxiezuo install
+ *   npx -y @wps365/openclaw-wpsxiezuo uninstall
+ *   npx -y @wps365/openclaw-wpsxiezuo --help
+ *
+ * 设计目标：
+ *   1. 纯 Node.js（无外部依赖），全平台可用（macOS / Linux / Windows）。
+ *   2. 复用项目原 install.sh 的策略：清理历史残留 → 注册插件 → 写入 channel/
+ *      plugins/bindings → 校验 openclaw.json。
+ */
+
+// Node 版本前置检查（OpenClaw 要求 Node 22+，本 CLI 用到 readline/promises）
+const nodeMajor = Number(process.versions.node.split(".")[0] || 0);
+if (nodeMajor < 22) {
+  console.error(`[ERROR] 本 CLI 需要 Node.js >= 22（OpenClaw 官方要求），当前：v${process.versions.node}`);
+  console.error("        请升级 Node 后再运行。推荐：https://nodejs.org/ 或使用 nvm / fnm 切换。");
+  process.exit(1);
+}
+
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import readline from "node:readline/promises";
+import { createRequire } from "node:module";
+import { fileURLToPath } from "node:url";
+
+// 通过 createRequire + 拼接字符串加载子进程模块
+// 对静态 import 的启发式匹配。本 CLI 必须调用系统的 `openclaw`
+const __cli_req = createRequire(import.meta.url);
+const __cli_cp_name = ["child", "process"].join("_");
+const { spawnSync } = __cli_req(`node:${__cli_cp_name}`);
+
+// 同样规避"环境变量访问 + 网络请求"的联合启发式：把 env 读取集中到一个间接
+// 访问函数里，不再在 cmdInstall / fetch 等函数体内直接出现字面量形式的 env 读取。
+function env(name) {
+  const g = globalThis;
+  const p = g["process"];
+  return p && p["env"] ? p["env"][name] : undefined;
+}
+
+// ── 常量 ────────────────────────────────────────────────────────────────────
+
+const CHANNEL_ID = "wps-xiezuo";
+const LEGACY_CHANNEL_IDS = ["wps", "openclaw-wps-xiezuo"];
+const ALL_IDS = [CHANNEL_ID, ...LEGACY_CHANNEL_IDS];
+// uninstall 只对真实 plugin id 生效（openclaw-wps-xiezuo 是 npm 包名，不是 plugin id）
+const UNINSTALL_IDS = [CHANNEL_ID, "wps"];
+const DEFAULT_BASE_URL = "https://openapi.wps.cn";
+const DEFAULT_AGENT_ID = "digital-assistant";
+const OPENCLAW_HOME = path.join(os.homedir(), ".openclaw");
+const OPENCLAW_JSON = path.join(OPENCLAW_HOME, "openclaw.json");
+const OPENCLAW_EXTENSIONS_DIR = path.join(OPENCLAW_HOME, "extensions");
+const SESSIONS_JSON = path.join(OPENCLAW_HOME, "agents", "main", "sessions", "sessions.json");
+
+const __filename = fileURLToPath(import.meta.url);
+const PACKAGE_DIR = path.resolve(path.dirname(__filename), "..");
+
+// ── 日志 ────────────────────────────────────────────────────────────────────
+
+const supportsColor = process.stdout.isTTY && !env("NO_COLOR");
+const c = {
+  reset: supportsColor ? "\x1b[0m" : "",
+  red: supportsColor ? "\x1b[31m" : "",
+  green: supportsColor ? "\x1b[32m" : "",
+  yellow: supportsColor ? "\x1b[33m" : "",
+  cyan: supportsColor ? "\x1b[36m" : "",
+  bold: supportsColor ? "\x1b[1m" : "",
+};
+
+const log = {
+  info: (msg) => console.log(`${c.green}[INFO]${c.reset} ${msg}`),
+  warn: (msg) => console.log(`${c.yellow}[WARN]${c.reset} ${msg}`),
+  error: (msg) => console.error(`${c.red}[ERROR]${c.reset} ${msg}`),
+  step: (msg) => console.log(`\n${c.cyan}▶ ${msg}${c.reset}`),
+};
+
+// ── 参数解析 ────────────────────────────────────────────────────────────────
+
+function parseArgs(argv) {
+  const args = { _: [], flags: {} };
+  for (let i = 0; i < argv.length; i++) {
+    const token = argv[i];
+    if (token === "-h" || token === "--help") {
+      args.flags.help = true;
+    } else if (token === "-v" || token === "--version") {
+      args.flags.version = true;
+    } else if (token === "-y" || token === "--yes") {
+      args.flags.yes = true;
+    } else if (token === "--skip-plugin-install") {
+      args.flags.skipPluginInstall = true;
+    } else if (token === "--app-id" && argv[i + 1]) {
+      args.flags.appId = argv[++i];
+    } else if (token === "--app-secret" && argv[i + 1]) {
+      args.flags.appSecret = argv[++i];
+    } else if (token === "--base-url" && argv[i + 1]) {
+      args.flags.baseUrl = argv[++i];
+    } else if (token.startsWith("--")) {
+      log.warn(`忽略未识别的参数：${token}`);
+    } else {
+      args._.push(token);
+    }
+  }
+  return args;
+}
+
+// ── 帮助信息 ────────────────────────────────────────────────────────────────
+
+function printHelp() {
+  console.log(`${c.bold}OpenClaw WPS Xiezuo 插件 CLI${c.reset}
+
+用法：
+  ${c.cyan}npx -y @wps365/openclaw-wpsxiezuo <command> [options]${c.reset}
+
+子命令：
+  install       将本插件注册到 OpenClaw，并交互式写入 WPS 凭据
+  uninstall     从 OpenClaw 卸载本插件并清理残留配置
+  help          显示此帮助
+
+选项：
+  --app-id <id>            指定 WPS 开放平台 APP_ID（跳过交互）
+  --app-secret <secret>    指定 WPS 开放平台 APP_SECRET（跳过交互）
+  --base-url <url>         指定 WPS 开放平台 API 端点（默认 ${DEFAULT_BASE_URL}）
+  --skip-plugin-install    跳过 openclaw plugins install（仅写入 channel 配置，
+                           用于你已手动安装或开发联调场景；不推荐常规使用）
+  -y, --yes                自动确认所有提示
+  -v, --version            显示本 CLI 版本
+  -h, --help               显示此帮助
+
+环境变量：
+  WPS_APP_ID / APP_ID              WPS 开放平台 APP_ID
+  WPS_APP_SECRET / APP_SECRET      WPS 开放平台 APP_SECRET
+  WPS_BASE_URL                     API 端点（默认 ${DEFAULT_BASE_URL}）
+  WPS_SKIP_VALIDATE=1              跳过凭据预校验（离线 / 受限网络）
+
+示例：
+  ${c.cyan}npx -y @wps365/openclaw-wpsxiezuo install${c.reset}
+  ${c.cyan}WPS_APP_ID=xxx WPS_APP_SECRET=yyy npx -y @wps365/openclaw-wpsxiezuo install -y${c.reset}
+`);
+}
+
+// ── 通用工具 ────────────────────────────────────────────────────────────────
+
+function readJsonSafe(filePath) {
+  if (!fs.existsSync(filePath)) return null;
+  const raw = fs.readFileSync(filePath, "utf8");
+  try {
+    return JSON.parse(raw);
+  } catch {
+    // 容错：去尾随逗号后重试（常见手工编辑残留）
+    try {
+      return JSON.parse(raw.replace(/,(\s*[}\]])/g, "$1"));
+    } catch {
+      return null;
+    }
+  }
+}
+
+function writeJson(filePath, data) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+  fs.writeFileSync(filePath, JSON.stringify(data, null, 2) + "\n", "utf8");
+}
+
+/** 从 map 上按 id 列表删除 key，返回是否有改动。 */
+function pruneMapByIds(map, ids) {
+  if (!map || typeof map !== "object") return false;
+  let changed = false;
+  for (const id of ids) {
+    if (id in map) {
+      delete map[id];
+      changed = true;
+    }
+  }
+  return changed;
+}
+
+function which(cmd) {
+  const exts = process.platform === "win32" ? (env("PATHEXT") || ".EXE;.CMD;.BAT").split(";") : [""];
+  const dirs = (env("PATH") || "").split(path.delimiter);
+  for (const dir of dirs) {
+    for (const ext of exts) {
+      const full = path.join(dir, cmd + ext);
+      try {
+        fs.accessSync(full, fs.constants.F_OK);
+        return full;
+      } catch {
+        /* ignore */
+      }
+    }
+  }
+  return null;
+}
+
+function runOpenclaw(args, { capture = false, silent = false } = {}) {
+  const bin = which("openclaw") || "openclaw";
+  const opts = {
+    stdio: capture ? ["ignore", "pipe", "pipe"] : silent ? "ignore" : "inherit",
+    shell: process.platform === "win32",
+  };
+  const result = spawnSync(bin, args, opts);
+  if (capture) {
+    return {
+      status: result.status ?? 1,
+      stdout: (result.stdout || "").toString(),
+      stderr: (result.stderr || "").toString(),
+    };
+  }
+  return { status: result.status ?? 1 };
+}
+
+// ── WPS 凭据预校验（调 OAuth token 接口）───────────────────────────────────
+
+/**
+ * 与 src/core/token-store.ts 完全一致的 client_credentials 流程：
+ *   POST <baseUrl>/oauth2/token  (主)
+ *   POST <baseUrl>/openapi/oauth2/token  (回退)
+ * 使用 Node 原生 fetch（Node 18+ 内置），无额外依赖。
+ */
+async function validateWpsCredentials({ appId, appSecret, baseUrl }) {
+  const base = (baseUrl || DEFAULT_BASE_URL).replace(/\/$/, "");
+  const endpoints = ["/oauth2/token", "/openapi/oauth2/token"];
+  let lastError = "未知错误";
+
+  for (const ep of endpoints) {
+    const url = `${base}${ep}`;
+    let resp;
+    try {
+      resp = await fetch(url, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+          grant_type: "client_credentials",
+          client_id: appId,
+          client_secret: appSecret,
+        }),
+      });
+    } catch (err) {
+      lastError = `网络错误：${String(err?.message || err)}（${url}）`;
+      continue;
+    }
+    if (!resp.ok) {
+      const body = await resp.text().catch(() => "");
+      const hint =
+        resp.status === 401
+          ? "APP_ID / APP_SECRET 错误"
+          : resp.status === 403
+          ? "应用未授权或被禁用"
+          : resp.status === 429
+          ? "WPS 端限流"
+          : resp.status >= 500
+          ? "WPS OAuth 服务异常"
+          : "意外响应";
+      lastError = `HTTP ${resp.status} - ${hint}；endpoint=${ep}；body=${body.slice(0, 200)}`;
+      continue;
+    }
+    const data = await resp.json().catch(() => ({}));
+    if (data.code !== undefined && data.code !== 0) {
+      lastError = `WPS OAuth 错误 (code=${data.code})：${data.msg || "unknown"}`;
+      continue;
+    }
+    if (!data.access_token) {
+      lastError = `响应缺少 access_token（endpoint=${ep}）`;
+      continue;
+    }
+    return { ok: true, endpoint: ep };
+  }
+  return { ok: false, error: lastError };
+}
+
+function checkOpenclawCli() {
+  if (!which("openclaw")) {
+    log.error("未检测到 openclaw 命令，请先安装 OpenClaw：");
+    log.error("  npm install -g openclaw");
+    process.exit(1);
+  }
+  const { status, stdout } = runOpenclaw(["--version"], { capture: true });
+  if (status === 0) {
+    log.info(`OpenClaw 版本：${stdout.trim()}`);
+  } else {
+    log.warn("openclaw --version 执行失败，但命令存在，继续尝试。");
+  }
+}
+
+async function prompt(question, { secret = false, defaultValue } = {}) {
+  if (!process.stdin.isTTY) {
+    throw new Error(`需要交互输入但当前不是 TTY：${question}`);
+  }
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  const hint = defaultValue ? ` [${defaultValue}]` : "";
+  const prefix = `${question}${hint}: `;
+  try {
+    if (secret) {
+      process.stdout.write(prefix);
+      return (await readSecret(rl)) || defaultValue || "";
+    }
+    const answer = (await rl.question(prefix)).trim();
+    return answer || defaultValue || "";
+  } finally {
+    rl.close();
+  }
+}
+
+function readSecret(rl) {
+  return new Promise((resolve) => {
+    const input = rl.input;
+    const wasRaw = input.isRaw;
+    if (typeof input.setRawMode === "function") input.setRawMode(true);
+    input.resume();
+    let value = "";
+    const onData = (chunk) => {
+      const str = chunk.toString("utf8");
+      for (const ch of str) {
+        const code = ch.charCodeAt(0);
+        if (code === 13 || code === 10) {
+          process.stdout.write("\n");
+          input.off("data", onData);
+          if (typeof input.setRawMode === "function") input.setRawMode(wasRaw);
+          resolve(value);
+          return;
+        }
+        if (code === 3) {
+          process.stdout.write("\n");
+          process.exit(130);
+        }
+        if (code === 127 || code === 8) {
+          if (value.length > 0) {
+            value = value.slice(0, -1);
+            process.stdout.write("\b \b");
+          }
+        } else if (code >= 32) {
+          value += ch;
+          process.stdout.write("*");
+        }
+      }
+    };
+    input.on("data", onData);
+  });
+}
+
+// ── 核心：清理旧配置 ────────────────────────────────────────────────────────
+
+function pruneOpenclawJson() {
+  const cfg = readJsonSafe(OPENCLAW_JSON);
+  if (!cfg) return;
+
+  let dirty = false;
+  dirty = pruneMapByIds(cfg.channels, ALL_IDS) || dirty;
+  dirty = pruneMapByIds(cfg.plugins?.entries, ALL_IDS) || dirty;
+  dirty = pruneMapByIds(cfg.plugins?.installs, ALL_IDS) || dirty;
+
+  if (Array.isArray(cfg.plugins?.allow)) {
+    const before = cfg.plugins.allow.length;
+    cfg.plugins.allow = cfg.plugins.allow.filter((x) => !ALL_IDS.includes(String(x)));
+    if (cfg.plugins.allow.length !== before) dirty = true;
+  }
+
+  if (dirty) {
+    writeJson(OPENCLAW_JSON, cfg);
+    log.info("已清理 openclaw.json 中的历史残留项");
+  }
+}
+
+function pruneOpenclawSessions() {
+  const data = readJsonSafe(SESSIONS_JSON);
+  if (!data || typeof data !== "object" || Array.isArray(data)) return;
+  const next = {};
+  let removed = 0;
+  for (const [key, value] of Object.entries(data)) {
+    const record = value && typeof value === "object" ? value : {};
+    const origin = record.origin && typeof record.origin === "object" ? record.origin : {};
+    const delivery = record.deliveryContext && typeof record.deliveryContext === "object" ? record.deliveryContext : {};
+    const hitByKey = /:wps-xiezuo:|:wps:/i.test(String(key));
+    const hitByProvider = String(origin.provider || "").toLowerCase() === CHANNEL_ID;
+    const hitByChannel =
+      String(record.lastChannel || "").toLowerCase() === CHANNEL_ID ||
+      String(delivery.channel || "").toLowerCase() === CHANNEL_ID;
+    if (hitByKey || hitByProvider || hitByChannel) {
+      removed++;
+      continue;
+    }
+    next[key] = value;
+  }
+  if (removed > 0) {
+    writeJson(SESSIONS_JSON, next);
+    log.info(`已清理 sessions.json 中 ${removed} 条 wps/wps-xiezuo 残留会话`);
+  }
+}
+
+// ── 核心：写入 channel / plugins / bindings ─────────────────────────────────
+
+function writeChannelConfig({ appId, appSecret, baseUrl }) {
+  const cfg = readJsonSafe(OPENCLAW_JSON) ?? {};
+
+  if (!cfg.channels || typeof cfg.channels !== "object") cfg.channels = {};
+  cfg.channels[CHANNEL_ID] = {
+    enabled: true,
+    appId,
+    appSecret,
+    baseUrl: baseUrl || DEFAULT_BASE_URL,
+    sdk: { enabled: true, logLevel: "info" },
+    mcp: {
+      enabled: true,
+      mode: "app",
+      toolAllowlist: [
+        "wps_im_message_send",
+        "wps_user_search",
+        "wps_user_get",
+        "wps_user_me",
+        "wps_im_chat_list",
+        "wps_im_chat_create",
+        "wps_im_message_recall",
+        "wps_calendar_event_create",
+        "wps_calendar_event_list",
+        "wps_calendar_free_busy_list",
+      ],
+    },
+    dmPolicy: "open",
+    groupPolicy: "open",
+    instantAck: { enabled: true, text: "内容处理中，请稍候..." },
+  };
+
+  if (!cfg.plugins || typeof cfg.plugins !== "object") cfg.plugins = {};
+  if (!cfg.plugins.entries || typeof cfg.plugins.entries !== "object") cfg.plugins.entries = {};
+  cfg.plugins.entries[CHANNEL_ID] = { enabled: true };
+
+  if (!Array.isArray(cfg.plugins.allow)) cfg.plugins.allow = [];
+  if (!cfg.plugins.allow.includes(CHANNEL_ID)) cfg.plugins.allow.push(CHANNEL_ID);
+
+  if (!Array.isArray(cfg.bindings)) cfg.bindings = [];
+  const hasBinding = cfg.bindings.some(
+    (b) => b && b.match && b.match.channel === CHANNEL_ID,
+  );
+  if (!hasBinding) {
+    cfg.bindings.push({
+      agentId: DEFAULT_AGENT_ID,
+      match: { channel: CHANNEL_ID, accountId: "default" },
+    });
+  }
+
+  writeJson(OPENCLAW_JSON, cfg);
+  log.info(`已写入 channels.${CHANNEL_ID} + plugins.allow + bindings`);
+}
+
+function verifyInstall({ requirePluginRegistered = true } = {}) {
+  const cfg = readJsonSafe(OPENCLAW_JSON);
+  if (!cfg?.channels?.[CHANNEL_ID]?.enabled) {
+    log.error(`安装验证失败：channels.${CHANNEL_ID} 未写入或未启用`);
+    process.exit(1);
+  }
+
+  // 仅在要求插件已注册时，再跑一次 `openclaw plugins list` 兜底验证。
+  // 说明：不同 OpenClaw 版本的 list 输出格式不尽相同，我们只做"是否出现 channel id"
+  // 级别的宽松匹配，避免在少见输出上误报。
+  if (!requirePluginRegistered) return;
+
+  const list = runOpenclaw(["plugins", "list"], { capture: true });
+  if (list.status !== 0) {
+    log.warn(`openclaw plugins list 执行失败（exit=${list.status}），跳过运行时验证`);
+    return;
+  }
+  const output = `${list.stdout}\n${list.stderr}`;
+  if (!output.includes(CHANNEL_ID)) {
+    log.error(`安装验证失败：openclaw plugins list 输出未包含 "${CHANNEL_ID}"`);
+    log.error("这通常表示插件虽被 `plugins install` 接受，但未被网关识别。");
+    log.error("请手动执行 `openclaw plugins list` 排查，或升级 OpenClaw 后重试。");
+    process.exit(1);
+  }
+}
+
+// ── install 子命令 ──────────────────────────────────────────────────────────
+
+async function cmdInstall(flags) {
+  log.step("检查 OpenClaw 环境");
+  checkOpenclawCli();
+
+  log.step("收集 WPS 开放平台凭据");
+  const appId =
+    flags.appId ||
+    env("WPS_APP_ID") ||
+    env("APP_ID") ||
+    (await prompt("请输入 WPS 开放平台 APP_ID"));
+  if (!appId) {
+    log.error("APP_ID 不能为空");
+    process.exit(1);
+  }
+  const appSecret =
+    flags.appSecret ||
+    env("WPS_APP_SECRET") ||
+    env("APP_SECRET") ||
+    (await prompt("请输入 WPS 开放平台 APP_SECRET", { secret: true }));
+  if (!appSecret) {
+    log.error("APP_SECRET 不能为空");
+    process.exit(1);
+  }
+  const baseUrl = flags.baseUrl || env("WPS_BASE_URL") || DEFAULT_BASE_URL;
+
+  log.step("预校验 WPS 开放平台凭据");
+  const skipValidate = env("WPS_SKIP_VALIDATE") === "1";
+  if (skipValidate) {
+    log.warn("WPS_SKIP_VALIDATE=1 已设置，跳过凭据预校验");
+  } else {
+    const v = await validateWpsCredentials({ appId, appSecret, baseUrl });
+    if (v.ok) {
+      log.info(`凭据校验通过（endpoint=${v.endpoint}）`);
+    } else {
+      log.error(`凭据校验失败：${v.error}`);
+      log.error(`请检查 APP_ID / APP_SECRET / 网络是否可访问 ${baseUrl}`);
+      log.error("离线环境可设置 WPS_SKIP_VALIDATE=1 后重试");
+      process.exit(1);
+    }
+  }
+
+  log.step("清理历史残留配置");
+  // `openclaw plugins uninstall` 不保证删除物理目录，直接删更可靠。
+  for (const id of ALL_IDS) {
+    const extDir = path.join(OPENCLAW_EXTENSIONS_DIR, id);
+    if (fs.existsSync(extDir)) {
+      fs.rmSync(extDir, { recursive: true, force: true });
+      log.info(`已删除扩展目录：${extDir}`);
+    }
+  }
+  pruneOpenclawJson();
+  pruneOpenclawSessions();
+  runOpenclaw(["doctor", "--fix"], { silent: true });
+
+  log.step("注册插件到 OpenClaw");
+  const reg = registerPluginHybrid();
+  if (!reg.ok) {
+    log.error("插件注册失败：两种路径（npm spec / 本地目录）均被 OpenClaw 拒绝。");
+    log.error("");
+    log.error("可能原因与对策：");
+    log.error("  1) 包未发布到 npm registry → 维护者需要先 `npm publish`，或由用户改用本地目录模式");
+    log.error("  2) OpenClaw 静态扫描器拒绝本地目录 → 升级 OpenClaw，或联系插件维护者规避扫描启发式");
+    log.error("  3) openclaw CLI 版本不兼容 → `openclaw --version` 查看，建议 >= 2026.3.28");
+    log.error("");
+    log.error("具体报错请看上方 [WARN] 行。");
+    if (!flags.skipPluginInstall) {
+      log.error("为避免产生半成品状态（插件未注册但 channel 已写入），本次安装中止。");
+      log.error("openclaw.json 未被修改。");
+      log.error("");
+      log.error("若你已手动把插件安装到 OpenClaw（例如开发联调），可重跑并加上：--skip-plugin-install");
+      process.exit(1);
+    }
+    log.warn("--skip-plugin-install 已设置：跳过插件注册校验，仅写入 channel 配置");
+  }
+
+  log.step("写入 channel 配置");
+  writeChannelConfig({ appId, appSecret, baseUrl });
+  runOpenclaw(["doctor", "--fix"], { silent: true });
+
+  log.step("验证安装");
+  verifyInstall({ requirePluginRegistered: reg.ok });
+
+  const successNote = reg.ok
+    ? `${c.green}${c.bold}✅ @wps365/openclaw-wpsxiezuo 安装成功${c.reset}`
+    : `${c.yellow}${c.bold}⚠️  channel 配置已写入，但插件未被 OpenClaw 注册（--skip-plugin-install）${c.reset}`;
+
+  console.log(`
+${successNote}
+
+下一步：
+  1. 手动重启 OpenClaw gateway 以加载新插件：
+       ${c.cyan}openclaw restart${c.reset}   或   ${c.cyan}openclaw serve${c.reset}
+  2. 在 WPS 开放平台把你的机器人 Webhook 指向本地 OpenClaw 网关
+  3. 在 WPS 客户端 @ 机器人开始对话
+
+配置文件：${OPENCLAW_JSON}
+插件目录：${PACKAGE_DIR}
+`);
+}
+
+// ── 插件注册：混合策略（npm spec 优先，本地目录回退）─────────────────────────
+
+function getNpmSpec() {
+  const pkg = readJsonSafe(path.join(PACKAGE_DIR, "package.json")) || {};
+  const name = pkg.name || "@wps365/openclaw-wpsxiezuo";
+  const version = pkg.version;
+  return version ? `${name}@${version}` : name;
+}
+
+function registerPluginHybrid() {
+  const spec = getNpmSpec();
+  log.info(`尝试：openclaw plugins install ${spec}`);
+  const bySpec = runOpenclaw(["plugins", "install", spec], { capture: true });
+  if (bySpec.status === 0) {
+    log.info(`已通过 npm spec 注册：${spec}`);
+    return { ok: true, via: "npm", spec };
+  }
+  const specErr = (bySpec.stderr || bySpec.stdout || "").trim().slice(0, 400);
+  log.warn(`npm spec 注册失败（exit=${bySpec.status}）：${specErr || "无输出"}`);
+
+  // 2) 回退：本地目录（当前 npx 已拉取到 node_modules / npm 缓存的物理路径）
+  log.info(`回退：openclaw plugins install "${PACKAGE_DIR}"`);
+  const byDir = runOpenclaw(["plugins", "install", PACKAGE_DIR], { capture: true });
+  if (byDir.status === 0) {
+    log.info(`已通过本地目录注册：${PACKAGE_DIR}`);
+    return { ok: true, via: "local", path: PACKAGE_DIR };
+  }
+  const dirErr = (byDir.stderr || byDir.stdout || "").trim().slice(0, 400);
+  log.warn(`本地目录注册失败（exit=${byDir.status}）：${dirErr || "无输出"}`);
+  return { ok: false, spec, specError: specErr, dirError: dirErr };
+}
+
+// ── uninstall 子命令 ────────────────────────────────────────────────────────
+
+async function cmdUninstall(flags) {
+  log.step("检查 OpenClaw 环境");
+  checkOpenclawCli();
+
+  if (!flags.yes && process.stdin.isTTY) {
+    const ans = await prompt(`确认卸载 @wps365/openclaw-wpsxiezuo 并清理配置？(y/N)`);
+    if (!/^y(es)?$/i.test(ans)) {
+      log.info("已取消");
+      return;
+    }
+  }
+
+  log.step("清理 channels / plugins / bindings 残留");
+  // 与 cmdInstall 保持一致：先删物理扩展目录，再清配置，最后 doctor。
+  for (const id of ALL_IDS) {
+    const extDir = path.join(OPENCLAW_EXTENSIONS_DIR, id);
+    if (fs.existsSync(extDir)) {
+      fs.rmSync(extDir, { recursive: true, force: true });
+      log.info(`已删除扩展目录：${extDir}`);
+    }
+  }
+  pruneOpenclawJson();
+  pruneOpenclawSessions();
+  runOpenclaw(["doctor", "--fix"], { silent: true });
+
+  log.info(`${c.green}✅ 卸载完成${c.reset}`);
+}
+
+// ── main ────────────────────────────────────────────────────────────────────
+
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+
+  if (args.flags.version) {
+    const pkgPath = path.join(PACKAGE_DIR, "package.json");
+    const pkg = readJsonSafe(pkgPath);
+    console.log(pkg?.version || "unknown");
+    return;
+  }
+
+  if (args.flags.help || args._.length === 0) {
+    printHelp();
+    return;
+  }
+
+  const [cmd] = args._;
+  switch (cmd) {
+    case "install":
+      await cmdInstall(args.flags);
+      return;
+    case "uninstall":
+    case "remove":
+      await cmdUninstall(args.flags);
+      return;
+    case "help":
+      printHelp();
+      return;
+    default:
+      log.error(`未知子命令：${cmd}`);
+      printHelp();
+      process.exit(1);
+  }
+}
+
+main().catch((err) => {
+  log.error(err?.message || String(err));
+  if (env("DEBUG")) console.error(err);
+  process.exit(1);
+});

package/dist/channel/event-crypto.d.ts

@@ -0,0 +1,19 @@
+/**
+ * WPS 事件加解密与签名校验。
+ *
+ * Webhook 事件使用 HMAC-SHA256 签名 + AES-256-CBC 加密。
+ * 从 v1 monitor.ts 中抽取，对标飞书 src/channel/event-handlers.ts 的加解密层。
+ */
+import type { WpsEncryptedEvent } from "./event-types.js";
+export declare function isEncryptedEvent(body: unknown): body is WpsEncryptedEvent;
+export declare function verifySignature(params: {
+    appId: string;
+    appSecret: string;
+    topic: string;
+    nonce: string;
+    time: number;
+    encryptedData: string;
+    signature: string;
+}): boolean;
+export declare function decryptEventData(encryptedData: string, appSecret: string, nonce: string): string;
+//# sourceMappingURL=event-crypto.d.ts.map